
Re: [PATCH] mac80211: fix NULL ptr dereference during mesh peer connection for non HE devices


 



Hi Abinaya,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on mac80211-next/master]
[also build test WARNING on mac80211/master linus/master v5.12-rc7 next-20210414]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting a patch, we suggest using '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Abinaya-Kalaiselvan/mac80211-fix-NULL-ptr-dereference-during-mesh-peer-connection-for-non-HE-devices/20210414-193552
base:   https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git master
config: x86_64-randconfig-m001-20210414 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

New smatch warnings:
net/mac80211/he.c:126 ieee80211_he_cap_ie_to_sta_he_cap() warn: inconsistent indenting

Old smatch warnings:
net/mac80211/he.c:33 ieee80211_update_from_he_6ghz_capa() error: uninitialized symbol 'smps_mode'.

vim +126 net/mac80211/he.c

   105	
      	/*
      	 * Fill sta->sta.he_cap from a peer's HE Capabilities element
      	 * (he_cap_ie, he_cap_len bytes), then hand the stored MCS/NSS maps
      	 * together with the local ones to ieee80211_he_mcs_intersection() and
      	 * drop the 160 / 80+80 MHz width bits the local side does not set.
      	 *
      	 * he_cap is zeroed first, so every early return below leaves the
      	 * station with has_he == false.  sdata is not referenced in the lines
      	 * shown here.
      	 */
   106	void
   107	ieee80211_he_cap_ie_to_sta_he_cap(struct ieee80211_sub_if_data *sdata,
   108					  struct ieee80211_supported_band *sband,
   109					  const u8 *he_cap_ie, u8 he_cap_len,
   110					  const struct ieee80211_he_6ghz_capa *he_6ghz_capa,
   111					  struct sta_info *sta)
   112	{
   113		struct ieee80211_sta_he_cap *he_cap = &sta->sta.he_cap;
   114		struct ieee80211_sta_he_cap own_he_cap;
      		/* The cast drops const; here the pointer is only handed to the size helpers. */
   115		struct ieee80211_he_cap_elem *he_cap_ie_elem = (void *)he_cap_ie;
   116		u8 he_ppe_size;
   117		u8 mcs_nss_size;
   118		u8 he_total_size;
   119		bool own_160, peer_160, own_80p80, peer_80p80;
   120	
      		/* Start from "no HE"; nothing is kept from an earlier call. */
   121		memset(he_cap, 0, sizeof(*he_cap));
   122	
   123		if (!he_cap_ie || !ieee80211_get_he_sta_cap(sband))
   124			return;
   125	
      		/*
      		 * NOTE(review): the guard above tests ieee80211_get_he_sta_cap(sband),
      		 * while this line dereferences sband->iftype_data directly and takes
      		 * the he_cap of its first entry.  That a non-NULL helper result implies
      		 * a usable first entry is not visible here -- confirm.  This is also
      		 * the line smatch reports: it is indented with a tab plus a space.
      		 */
 > 126		 own_he_cap = sband->iftype_data->he_cap;
   127	
      		/*
      		 * NOTE(review): he_cap_ie_elem->phy_cap_info and the byte at offset
      		 * sizeof(he_cap_elem) + mcs_nss_size are read before he_cap_len is
      		 * compared with anything, so an element shorter than that offset is
      		 * read past its stated length.  Presumably the caller has already
      		 * checked the element length -- confirm.
      		 */
   128		/* Make sure size is OK */
   129		mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap_ie_elem);
   130		he_ppe_size =
   131			ieee80211_he_ppe_size(he_cap_ie[sizeof(he_cap->he_cap_elem) +
   132							mcs_nss_size],
   133					      he_cap_ie_elem->phy_cap_info);
      		/* The sum is stored in a u8; assumes the three sizes stay below 256 -- TODO confirm. */
   134		he_total_size = sizeof(he_cap->he_cap_elem) + mcs_nss_size +
   135				he_ppe_size;
   136		if (he_cap_len < he_total_size)
   137			return;
   138	
      		/* Fixed-size copy; the he_cap_len check above covers these bytes. */
   139		memcpy(&he_cap->he_cap_elem, he_cap_ie, sizeof(he_cap->he_cap_elem));
   140	
      		/*
      		 * The copy length is computed from the peer's own capability bytes.
      		 * Assumes ieee80211_he_mcs_nss_size() never returns more than
      		 * sizeof(he_cap->he_mcs_nss_supp) -- confirm.
      		 */
   141		/* HE Tx/Rx HE MCS NSS Support Field */
   142		memcpy(&he_cap->he_mcs_nss_supp,
   143		       &he_cap_ie[sizeof(he_cap->he_cap_elem)], mcs_nss_size);
   144	
      		/*
      		 * Gated on the flag in the stored copy of phy_cap_info[6].  Assumes
      		 * he_ppe_size cannot exceed sizeof(he_cap->ppe_thres) -- confirm.
      		 */
   145		/* Check if there are (optional) PPE Thresholds */
   146		if (he_cap->he_cap_elem.phy_cap_info[6] &
   147		    IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT)
   148			memcpy(he_cap->ppe_thres,
   149			       &he_cap_ie[sizeof(he_cap->he_cap_elem) + mcs_nss_size],
   150			       he_ppe_size);
   151	
   152		he_cap->has_he = true;
   153	
      		/* Refresh the station's bandwidth fields once the HE caps are stored. */
   154		sta->cur_max_bandwidth = ieee80211_sta_cap_rx_bw(sta);
   155		sta->sta.bandwidth = ieee80211_sta_cur_vht_bw(sta);
   156	
      		/* The 6 GHz capability is applied only on that band and only when supplied. */
   157		if (sband->band == NL80211_BAND_6GHZ && he_6ghz_capa)
   158			ieee80211_update_from_he_6ghz_capa(he_6ghz_capa, sta);
   159	
      		/*
      		 * own_he_cap is a by-value copy, so anything the helper writes through
      		 * the own_* pointers stays local and does not reach sband.
      		 */
   160		ieee80211_he_mcs_intersection(&own_he_cap.he_mcs_nss_supp.rx_mcs_80,
   161					      &he_cap->he_mcs_nss_supp.rx_mcs_80,
   162					      &own_he_cap.he_mcs_nss_supp.tx_mcs_80,
   163					      &he_cap->he_mcs_nss_supp.tx_mcs_80);
   164	
   165		own_160 = own_he_cap.he_cap_elem.phy_cap_info[0] &
   166			  IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
   167		peer_160 = he_cap->he_cap_elem.phy_cap_info[0] &
   168			   IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
   169	
      		/*
      		 * Both sides set the 160 MHz bit: pass the 160 MHz maps to the helper.
      		 * Only the peer sets it: disable the stored 160 MHz maps and clear the
      		 * bit from the stored peer capabilities.
      		 */
   170		if (peer_160 && own_160) {
   171			ieee80211_he_mcs_intersection(&own_he_cap.he_mcs_nss_supp.rx_mcs_160,
   172						      &he_cap->he_mcs_nss_supp.rx_mcs_160,
   173						      &own_he_cap.he_mcs_nss_supp.tx_mcs_160,
   174						      &he_cap->he_mcs_nss_supp.tx_mcs_160);
   175		} else if (peer_160 && !own_160) {
   176			ieee80211_he_mcs_disable(&he_cap->he_mcs_nss_supp.rx_mcs_160);
   177			ieee80211_he_mcs_disable(&he_cap->he_mcs_nss_supp.tx_mcs_160);
   178			he_cap->he_cap_elem.phy_cap_info[0] &=
   179				~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
   180		}
   181	
   182		own_80p80 = own_he_cap.he_cap_elem.phy_cap_info[0] &
   183			    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G;
   184		peer_80p80 = he_cap->he_cap_elem.phy_cap_info[0] &
   185			     IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G;
   186	
      		/* Same handling as the 160 MHz case, applied to the 80+80 MHz bit and maps. */
   187		if (peer_80p80 && own_80p80) {
   188			ieee80211_he_mcs_intersection(&own_he_cap.he_mcs_nss_supp.rx_mcs_80p80,
   189						      &he_cap->he_mcs_nss_supp.rx_mcs_80p80,
   190						      &own_he_cap.he_mcs_nss_supp.tx_mcs_80p80,
   191						      &he_cap->he_mcs_nss_supp.tx_mcs_80p80);
   192		} else if (peer_80p80 && !own_80p80) {
   193			ieee80211_he_mcs_disable(&he_cap->he_mcs_nss_supp.rx_mcs_80p80);
   194			ieee80211_he_mcs_disable(&he_cap->he_mcs_nss_supp.tx_mcs_80p80);
   195			he_cap->he_cap_elem.phy_cap_info[0] &=
   196				~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G;
   197		}
   198	}
   199	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip

